Cyber Insurance: An Essential Component of Your Risk Management Plan

Cyber-crime is now one of the key areas of risk exposure for businesses, both large and small. In 2014, CERT Australia, the Federal Government’s computer emergency response team, responded to 11,073 cyber-security incidents affecting businesses at a cost of more than $1B.

Malicious software is becoming more sophisticated and more readily available, and is often used to extort intellectual property, commercially sensitive or personal information. The Australian Cyber Security Centre (ACSC) warns that cyber-crime is likely to increase over the next five years including the use of "ransomware" which locks a computer for ransom demands, and "electronic graffiti" which hijacks and defaces public media as key emerging threats.

As businesses grow increasingly dependent on their IT systems, the threat to small to medium businesses (SMBs) from cyber criminals is also rapidly increasing. Robbie Upcroft, Asia-Pacific SMB Manager of Cyber Security company McAfee, has said their data shows that SMBs are at real risk: "The sensational headline is SMBs are under attack but this isn't too far from the truth. If you think about the way cyber criminals are operating, they're going to go where they can make an easy buck. Many SMBs don't know or appreciate that the threat is real and that it could happen to them and worryingly, many don't have policies or procedures in place to combat this growing threat."

SMBs are being increasingly targeted by cyber criminals because they will always hold information that may be valuable to someone else, and often have not sufficiently invested in their IT infrastructure to adequately protect themselves from cyber threats.

In a recent survey by McAfee of SMBs cyber liability exposures, it was found that:

  • 45% had experienced a cyber-event in the preceding 12 months;
  • 30% had experienced a "ransomware" attack resulting in 36% paying money to cyber criminals to retrieve data;
  • 47% had a laptop or PC stolen; and
  • 58% had a company USB or hard drive stolen.

While the replacement of stolen items may be covered under a standard office or business pack insurance policy, the cost associated with replacing data that may have been contained on those items is not. Nor is the fallout if the laptop, PC or USB contained commercially sensitive or personal information. 

How well equipped are you to deal with a cyber security breach?

If your IT system was compromised and the personal contact information of your clients was obtained, how would you respond?


And what would you do if your email was infiltrated?


Have you considered the reputational damage associated with such events?


The reality is that if you do not have an adequate cyber insurance policy in place, you are probably going to be left wanting one when it comes to dealing with the fallout of a cyber breach. Due to the increasing frequency of cyber-attacks, insurers are scrutinising their traditional products and specifically excluding cover for cyber events including destruction, distortion or misuse of electronic data.


As a result of the many gaps in traditional insurance programs, specific cyber products are now available to provide a comprehensive response to cyber-crime. Cyber policies typically provide the following key areas of cover:


 Third Party Claims 

 Business Interruption 

 Remediation Costs 

  • Cover for claims made against a business for failing to keep data secure
  • Payments of fines, penalties & damages 
  • Legal & defence costs
  • Reimbursement of lost profits due to cyber breaches
  • Cover for additional expenses that may be incurred to maintain the day to day operations of a business
  • Cover for costs associated with responding to a cyber-threat
  • Data restoration
  • Cyber extortion
  • Client notification costs
  • Public relations expenses

While the cover afforded under cyber products available is continually improving, insurance policies should not be relied upon as a "first resort" solution to threats. A comprehensive understanding of where your exposures lie, and an appropriate risk management plan is an essential part of protecting your business from cyber-crime.


Every SMB needs to consider the risk they are taking if they do not adequately protect themselves from cyber exposures and put measures in place - including an appropriate cyber insurance policy - to respond to threats. Because it is now not a question of IF your business is at risk, the fact is if you use IT in any form you are at threat and it is only a matter of time before you experience a cyber event. 


If you would like further information on cyber liability insurance please call and speak to one of our consultants.



Specialist Insurance Brokers